Vulnerabilities > Cisco > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-02-07 | CVE-2015-0602 | Information Exposure vulnerability in Cisco Unified IP Phones 9900 Series Firmware 9.3(2) The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117. | 5.0 |
2015-02-07 | CVE-2015-0600 | Improper Input Validation vulnerability in Cisco Unified IP Phones 9900 Series Firmware 9.3(2) The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to cause a denial of service (logoff) via crafted packets, aka Bug ID CSCuq12139. | 5.0 |
2015-02-07 | CVE-2015-0605 | Permissions, Privileges, and Access Controls vulnerability in Cisco Asyncos The uuencode inspection engine in Cisco AsyncOS on Cisco Email Security Appliance (ESA) devices 8.5 and earlier allows remote attackers to bypass intended content restrictions via a crafted e-mail attachment with uuencode encoding, aka Bug ID CSCzv54343. | 4.3 |
2015-02-07 | CVE-2015-0604 | Improper Input Validation vulnerability in Cisco products The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424. | 5.0 |
2015-02-07 | CVE-2015-0603 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified IP Phones 9900 Series Firmware 9.3(2) Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing to a phone's filesystem, aka Bug ID CSCup90474. | 4.6 |
2015-02-07 | CVE-2015-0601 | Improper Input Validation vulnerability in Cisco products Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allow local users to cause a denial of service (device reload) via crafted commands, aka Bug ID CSCup92790. | 4.6 |
2015-02-07 | CVE-2013-5557 | Unspecified vulnerability in Cisco Adaptive Security Appliance Software The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of service (device crash or error-recovery event) via an HTTP request that triggers a rewrite, aka Bug ID CSCug91577. network cisco | 6.3 |
2015-02-03 | CVE-2015-0599 | 7PK - Security Features vulnerability in Cisco Unified Computing System The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf50138. | 4.3 |
2015-02-03 | CVE-2014-8021 | Cross-site Scripting vulnerability in Cisco Anyconnect Secure Mobility Client and Hostscan Engine Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149. | 4.3 |
2015-02-03 | CVE-2014-8013 | Improper Input Validation vulnerability in Cisco Nx-Os The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182. | 4.9 |